PHP-Nuke <= 7.8 Search Module Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w use IO::Socket; if @ARGV 2 print "---------------------------------------\n"; print " EXPLOIT for PHPNuke =7.8 \n"; print "---------------------------------------\n\n"; print " Usage : \n"; print " PHPNuke1 HOST /pathphpnuke \n\n"; print " HOST...

PHP-Nuke 7.8 Search Module - SQL Injection

PHP-Nuke 7.8 Search Module - SQL Injection !/usr/bin/perl -w use IO::Socket; if @ARGV new Proto = "tcp", PeerAddr = "$HOST", PeerPort = "80" || die " Connect FAILED\n"; print " Connected OK\n"; print " Sending exploit OK\n\n"; print $send "POST ".$GET." HTTP/1.0\n"; print $send "Host: ".%HOST."\n...

PHP-Nuke <= 7.8 Search Module Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ========================================================== PHP-Nuke new Proto = "tcp", PeerAddr = "$HOST", PeerPort = "80" || die " Connect FAILED\n"; print " Connected OK\n"; print " Sending exploit OK\n\n"; print $send "POST ".$GET."...

PHP-Nuke <= 5.2 Arbitrary File Upload Vulnerability

PHP-Nuke is prone to an arbitrary file upload vulnerability in admin.php. SPDX-FileCopyrightText: 2001 SecurITeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...

PHP-Nuke security vulnerability (bb_smilies.php)

The remote host seems to be vulnerable to a security problem in PHP-Nuke bbsmilies.php. The vulnerability is caused by inadequate processing of queries by PHP-Nuke SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by t...

PHP-Nuke sql_debug Information Disclosure

In PHP-Nuke, the sqllayer.php script contains a debugging feature that may be used by attackers to disclose sensitive information about all SQL queries. Access to the debugging feature is not restricted to administrators. SPDX-FileCopyrightText: 2002 Alert4Web.com Some text descriptions might be...

SGallery idimage SQL Injection

The remote host is running SGallery, a module for PHP-Nuke. A critical SQL injection in the remote version of this module has been found, this vulnerability allows a remote attacker via the SPDX-FileCopyrightText: 2005 Noam Rathaus Some text descriptions might be excerpted from a referenced...

CVE-2005-3368

Cross-site scripting XSS vulnerability in the SearchEnhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter...

CVE-2005-3368

The CVE-2005-3368 entry describes a Cross-site scripting (XSS) vulnerability in the PHP-Nuke 7.9 Search_Enhanced module. The issue allows remote attackers to inject arbitrary web script or HTML via the query parameter, potentially affecting user sessions or displayed content. Affected product: PH...

CVE-2005-3368

Cross-site scripting XSS vulnerability in the SearchEnhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter...

PHP-Nuke-XSS.txt

i am sorry but i had a little problem with my old e-mail address , my new one is [email protected] the mail: PHP-Nuke Search Cross-Site Scripting Vulnerability Vulnerable: i think all ver. data:2005-09-5 The search field at modules.php?name=SearchEnhanced is vulnerable to html injection attacks...

PHP-Nuke Cross-Site Scripting Vulnerability

i am sorry but i had a little problem with my old e-mail address , my new one is [email protected] the mail: PHP-Nuke Search Cross-Site Scripting Vulnerability Vulnerable: i think all ver. data:2005-09-5 The search field at modules.php?name=SearchEnhanced is vulnerable to html injection attacks...

CVE-2005-3304

Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via 1 the username parameter in the Your Account page, 2 the url parameter in the Downloads module, and 3 the description parameter in the WebLinks module...

PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection

source: https://www.securityfocus.com/bid/15218/info Search Enhanced module for is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and scri...

CVE-2005-3304

CVE-2005-3304 concerns multiple SQL injection vulnerabilities in PHP-Nuke 7.8. The flaws allow remote attackers to modify SQL queries and, in one case, execute arbitrary PHP code via (1) the username parameter on the Your Account page, (2) the url parameter in the Downloads module, and (3) the de...

CVE-2005-3304

Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via 1 the username parameter in the Your Account page, 2 the url parameter in the Downloads module, and 3 the description parameter in the WebLinks module...

CVE-2005-3281

Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 allows remote attackers to include arbitrary files via the file parameter...

CVE-2005-3281

CVE-2005-3281 affects NukeFixes 3.1 for PHP-Nuke 7.8, with a directory traversal flaw that lets remote attackers include arbitrary files via the file parameter. The NVD entry and Red Hat advisory corroborate this description. CVSSv2 base score is 5.0 (Medium): network access, low attack complexit...

[SA17218] PHP-Nuke NukeFixes Addon &quot;file&quot; Local File Inclusion Vulnerability

TITLE: PHP-Nuke NukeFixes Addon "file" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA17218 VERIFY ADVISORY: http://secunia.com/advisories/17218/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: NukeFixes 3.x addon for PHP-Nuke...

PHP-Nuke Search Module - modules.php Directory Traversal

PHP-Nuke Search Module - modules.php Directory Traversal source: https://www.securityfocus.com/bid/15137/info PHPNuke Search Module is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. A remote attacker may view files that are only...